ComboFix 12-02-10.03 - Alex 02/10/2012 16:57:38.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4056.2927 [GMT -5:00]
Running from: c:\users\Alex\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~8JntlRdmQcf4nC
c:\programdata\~8JntlRdmQcf4nCr
c:\programdata\8JntlRdmQcf4nC
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Alex\Desktop\System Check.lnk
c:\users\Alex\Firefox Setup 10.0_1.exe
c:\windows\s.bat
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 22:03 . 2012-02-10 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-10 20:57 . 2012-02-10 20:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-10 01:15 . 2012-02-10 01:15 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-02-10 01:15 . 2012-02-10 01:15 -------- d-----w- c:\users\Alex\AppData\Roaming\FixTDSS
2012-02-09 02:44 . 2012-02-09 02:45 -------- d-----w- C:\6010b44034f764d1a9
2012-02-08 19:01 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-02-08 19:01 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2012-02-08 19:01 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2012-02-08 19:01 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-02-08 18:53 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-08 18:53 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-08 18:53 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-08 18:53 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-02-07 20:00 . 2012-02-07 20:00 -------- d-----w- c:\users\Alex\AppData\Roaming\AVG
2012-02-06 00:18 . 2012-02-06 00:18 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-06 00:18 . 2012-02-07 00:06 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-06 00:18 . 2012-02-06 00:18 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-02-06 00:17 . 2012-02-10 21:50 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-02-05 23:26 . 2012-02-05 23:28 -------- d-----w- c:\program files\CCleaner
2012-02-05 03:02 . 2012-02-05 04:36 -------- d-----w- C:\Documents2
2012-02-03 18:06 . 2012-02-06 02:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy1
2012-02-03 06:47 . 2012-02-03 06:47 -------- d-----w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com
2012-02-01 05:27 . 2012-02-01 05:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-02-01 05:11 . 2012-02-01 05:30 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-02-01 05:10 . 2012-02-01 05:10 -------- d-----w- c:\windows\PCHEALTH
2012-02-01 05:08 . 2012-02-01 05:08 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-02-01 05:07 . 2012-02-01 05:07 -------- d-----w- c:\users\Alex\AppData\Local\Microsoft Help
2012-02-01 05:07 . 2012-02-01 05:07 -------- d-----r- C:\MSOCache
2012-02-01 02:40 . 2012-02-01 02:40 -------- d-----w- c:\users\Alex\AppData\Roaming\TestApp
2012-02-01 02:40 . 2012-02-01 02:40 -------- d-----w- c:\programdata\PC Tools
2012-01-31 13:31 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 13:31 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-31 13:31 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 13:31 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 13:31 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 13:31 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-31 13:31 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-31 13:31 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-31 13:31 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
2012-01-28 19:05 . 2012-01-28 19:05 -------- d-----w- c:\program files\iPod
2012-01-28 19:05 . 2012-01-28 19:05 -------- d-----w- c:\program files\iTunes
2012-01-28 19:05 . 2012-01-28 19:05 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 16:25 . 2012-01-11 00:07 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:57 . 2011-12-14 19:28 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 11:38 . 2011-06-24 10:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-18 20:55 . 2012-01-11 00:07 1585152 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 20:55 . 2012-01-11 00:07 1167984 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-18 18:07 . 2012-01-11 00:07 76800 ----a-w- c:\windows\system32\packager.dll
2011-11-18 17:47 . 2012-01-11 00:07 66560 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-06 00:18 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-06 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2008-08-05 8857488]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2008-09-11 5541792]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-02-06 939872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0\0sdnclean64.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - AVGIDSEH
*Deregistered* - Avgrkx64
*Deregistered* - Avgtdia
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 02:42]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 02:42]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4245361820-4210316582-3963639369-1003Core.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-09 07:16]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4245361820-4210316582-3963639369-1003UA.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-09 07:16]
.
2012-02-10 c:\windows\Tasks\User_Feed_Synchronization-{0422D2B5-98C1-4BE9-BEFD-2BF564BDE206}.job
- c:\windows\system32\msfeedssync.exe [2011-09-26 20:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1236776]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\wm51n1e4.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B466b4273-6f86-42e3-8e95-3258532723be%7D&mid=4c7223c9798147d68137d16a1cf4f288-fb466962c3a5a5ecbc4f36b40361249fa830a644&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-02-05%2019%3A18%3A10&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-TmlCMode - c:\program files (x86)\Compal\TmlCMode\TmlCMode.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
.
**************************************************************************
.
Completion time: 2012-02-10 17:10:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-10 22:10
.
Pre-Run: 191,265,615,872 bytes free
Post-Run: 191,300,395,008 bytes free
.
- - End Of File - - 1A5775C23BBB8881DA65E4F53B7311FD

Awesome! The computer seems to be doing great. No blue screen shutdowns, and no more redirects. Thank you so much for your help!

OTL Extras logfile created on: 2/10/2012 5:50:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.60% Memory free
8.13 Gb Paging File | 6.79 Gb Available in Paging File | 83.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 240.21 Gb Total Space | 177.04 Gb Free Space | 73.70% Space Free | Partition Type: NTFS
Drive D: | 38.99 Gb Total Space | 37.21 Gb Free Space | 95.44% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4245361820-4210316582-3963639369-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 40 B5 B2 99 C4 BA C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11AE0082-D110-40A6-A7FC-B8563264D2E1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3128670E-E63E-4CED-BC3F-BB9D81F4D8A6}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{32A12E2B-C2A6-4DF4-9E9C-3A778CB8C65B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{339605E3-D989-4AB6-B2DA-2C901A25A081}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{3A4A3916-FCEB-4A55-8AA5-73400BCC48B3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3B58C372-639B-45CA-ADA4-CBFFD71E3155}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{64910820-1139-4153-B3E5-F074A5D14A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{67633EA5-D8D6-4216-8FD7-02C15D883644}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7932F4E9-6968-466C-A6EA-028210406FD5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8176D7FA-CF07-4FF8-B846-7AE7BA8F0ED1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{9A99620C-2D3D-4F27-84AA-1B7948B4C9DF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{9CE7DC97-9DD4-4DE1-89EC-094FB03C298B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{9D68363C-FB52-4B11-93B5-56B6228C7A3B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A2BCCCF1-DF09-4F57-8813-D32B105DC364}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{ADABF9AC-FD46-4615-B09F-DC844EAEB64F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B668ACF5-C244-4654-9B1A-9BB785A2766E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9BBC791-2CD7-490B-B38F-2F9CD64C58E6}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BE414063-4B9A-42CD-8AA9-75069D4C2A0E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C122B924-E28B-4FAA-B2EC-EA90B8F0224F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C379DCBB-5702-4E5F-8C91-E5A549CF8610}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C7F06C86-E3CD-4EA4-AC3D-411664ADE173}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C8FAA33C-3E59-400B-95B0-B83564EE293E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E75524DB-EDB6-4A3D-8B58-C9FF56769B2F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{F17F8D47-7DB6-412A-8EE8-9C2DD5949E19}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2E07DC3-138C-4680-BC0F-4C56E18EAE8D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F60AF511-34D9-48B7-91B4-6FB0D1658204}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B059BBA1-D29C-4EFC-83CE-1FBAFA0021F2}" = O2Micro Flash Memory Card Reader Driver (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F8F28729-B336-492C-B4FD-53A9BBDF0482}" = Intel(R) PROSet/Wireless WiFi Software
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"98F430CBCDF7F19069C50A7D55044EEBE2311133" = Windows Driver Package - Lenovo (ACPIVPC) System (01/03/2008 3.1.0.1)
"B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{26E9EE62-5517-4C46-8B6E-B7C9A0A95D66}" = SWelCntr
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6345DBAE-79E8-443A-9A21-926DA3998A70}" = Lenovo First Boot
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"EasyCapture3.0" = EasyCapture
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4245361820-4210316582-3963639369-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/23/2010 10:15:49 PM | Computer Name = Alex-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8856488

Error - 8/23/2010 10:15:49 PM | Computer Name = Alex-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8856488

Error - 8/24/2010 1:18:48 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 8/24/2010 1:19:48 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 8/24/2010 1:19:48 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 3026
Description =

Error - 8/24/2010 1:20:34 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 8/24/2010 1:21:05 AM | Computer Name = Alex-PC | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 10:04:40 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 8/24/2010 10:05:25 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 8/24/2010 10:06:11 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
Description =

[ Media Center Events ]
Error - 6/8/2009 8:55:01 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2009 9:07:21 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/15/2010 3:37:57 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

OTL Extras logfile created on: 2/10/2012 5:50:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.60% Memory free
8.13 Gb Paging File | 6.79 Gb Available in Paging File | 83.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 240.21 Gb Total Space | 177.04 Gb Free Space | 73.70% Space Free | Partition Type: NTFS
Drive D: | 38.99 Gb Total Space | 37.21 Gb Free Space | 95.44% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4245361820-4210316582-3963639369-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 40 B5 B2 99 C4 BA C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11AE0082-D110-40A6-A7FC-B8563264D2E1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3128670E-E63E-4CED-BC3F-BB9D81F4D8A6}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{32A12E2B-C2A6-4DF4-9E9C-3A778CB8C65B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{339605E3-D989-4AB6-B2DA-2C901A25A081}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{3A4A3916-FCEB-4A55-8AA5-73400BCC48B3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3B58C372-639B-45CA-ADA4-CBFFD71E3155}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{64910820-1139-4153-B3E5-F074A5D14A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{67633EA5-D8D6-4216-8FD7-02C15D883644}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7932F4E9-6968-466C-A6EA-028210406FD5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8176D7FA-CF07-4FF8-B846-7AE7BA8F0ED1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{9A99620C-2D3D-4F27-84AA-1B7948B4C9DF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{9CE7DC97-9DD4-4DE1-89EC-094FB03C298B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{9D68363C-FB52-4B11-93B5-56B6228C7A3B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A2BCCCF1-DF09-4F57-8813-D32B105DC364}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{ADABF9AC-FD46-4615-B09F-DC844EAEB64F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B668ACF5-C244-4654-9B1A-9BB785A2766E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9BBC791-2CD7-490B-B38F-2F9CD64C58E6}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BE414063-4B9A-42CD-8AA9-75069D4C2A0E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C122B924-E28B-4FAA-B2EC-EA90B8F0224F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C379DCBB-5702-4E5F-8C91-E5A549CF8610}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C7F06C86-E3CD-4EA4-AC3D-411664ADE173}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C8FAA33C-3E59-400B-95B0-B83564EE293E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E75524DB-EDB6-4A3D-8B58-C9FF56769B2F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{F17F8D47-7DB6-412A-8EE8-9C2DD5949E19}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2E07DC3-138C-4680-BC0F-4C56E18EAE8D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F60AF511-34D9-48B7-91B4-6FB0D1658204}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B059BBA1-D29C-4EFC-83CE-1FBAFA0021F2}" = O2Micro Flash Memory Card Reader Driver (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F8F28729-B336-492C-B4FD-53A9BBDF0482}" = Intel(R) PROSet/Wireless WiFi Software
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"98F430CBCDF7F19069C50A7D55044EEBE2311133" = Windows Driver Package - Lenovo (ACPIVPC) System (01/03/2008 3.1.0.1)
"B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{26E9EE62-5517-4C46-8B6E-B7C9A0A95D66}" = SWelCntr
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6345DBAE-79E8-443A-9A21-926DA3998A70}" = Lenovo First Boot
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"EasyCapture3.0" = EasyCapture
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4245361820-4210316582-3963639369-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/23/2010 10:15:49 PM | Computer Name = Alex-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8856488

Error - 8/23/2010 10:15:49 PM | Computer Name = Alex-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8856488

Error - 8/24/2010 1:18:48 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 8/24/2010 1:19:48 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 8/24/2010 1:19:48 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 3026
Description =

Error - 8/24/2010 1:20:34 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 8/24/2010 1:21:05 AM | Computer Name = Alex-PC | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 10:04:40 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 8/24/2010 10:05:25 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 8/24/2010 10:06:11 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
Description =

[ Media Center Events ]
Error - 6/8/2009 8:55:01 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2009 9:07:21 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/15/2010 3:37:57 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Sorry, that's what happens when I try to multitask...

OTL logfile created on: 2/10/2012 5:50:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.60% Memory free
8.13 Gb Paging File | 6.79 Gb Available in Paging File | 83.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 240.21 Gb Total Space | 177.04 Gb Free Space | 73.70% Space Free | Partition Type: NTFS
Drive D: | 38.99 Gb Total Space | 37.21 Gb Free Space | 95.44% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/10 17:49:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Downloads\OTL.exe
PRC - [2012/02/05 19:18:05 | 000,909,152 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/02/05 19:18:02 | 000,939,872 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2008/08/04 19:47:56 | 008,857,488 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/07/29 14:40:38 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008/07/20 23:19:52 | 002,701,880 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2007/02/12 03:43:46 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/05 19:18:02 | 000,939,872 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2005/06/24 23:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/19 17:51:44 | 001,430,288 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/10/19 17:29:38 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/07/29 14:40:38 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 03:37:24 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2012/02/05 19:18:05 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/11 11:23:49 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/12 03:43:46 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/09 20:15:06 | 000,027,256 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FixTDSS.sys -- (FixTDSS)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/10/18 04:15:18 | 007,959,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys -- (NETwNv64) ___ Intel(R)
DRV:64bit: - [2010/08/25 22:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/19 08:43:32 | 000,026,128 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/18 08:13:34 | 000,067,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\funfrm.sys -- (funfrm)
DRV:64bit: - [2008/10/15 13:58:32 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2008/09/10 23:32:32 | 001,015,040 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2008/07/11 02:08:52 | 000,055,360 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tvtumon.sys -- (tvtumon)
DRV:64bit: - [2008/06/29 17:52:46 | 000,126,976 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/06/17 21:28:48 | 000,118,768 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSVD.sys -- (WSVD)
DRV:64bit: - [2008/06/11 21:29:32 | 000,051,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2008/05/21 11:36:34 | 000,263,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/05/13 00:48:40 | 000,062,424 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008/04/29 04:56:42 | 000,014,336 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2008/04/29 04:55:34 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/04/27 18:38:14 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/04/25 12:16:32 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys -- (enecirhidma)
DRV:64bit: - [2008/04/10 09:11:18 | 000,325,168 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/25 04:51:18 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/25 04:47:08 | 000,294,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/03/25 04:45:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/01/24 21:32:12 | 000,219,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2007/10/18 03:37:12 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/07/03 20:05:18 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2007/07/03 20:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007/07/03 20:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2007/07/03 20:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2007/01/18 17:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:64bit: - [2006/06/18 10:27:26 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2008/12/18 08:13:47 | 000,053,248 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\FunFrm.dll -- (funfrm)
DRV - [2008/10/15 13:58:34 | 000,028,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/10/25 19:06:04 | 000,017,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\EMSC.SYS -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 D5 1A BB B2 E1 CC 01 [binary data]
IE - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B466b4273-6f86-42e3-8e95-3258532723be%7D&mid=4c7223c9798147d68137d16a1cf4f288-fb466962c3a5a5ecbc4f36b40361249fa830a644&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-02-05%2019%3A18%3A10&sap=ku&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/02/05 19:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/03 12:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/01 00:11:28 | 000,000,000 | ---D | M]

[2012/02/03 12:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2012/02/03 12:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/05 19:18:21 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
[2012/01/29 10:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/03 00:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/05 19:18:01 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AVG Safe Search = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/10 17:05:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30AE9DAF-C64A-4E3E-B211-9687BF252C76}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F795AEEA-6978-45C4-8C3B-AD428CDFCFBA}: DhcpNameServer = 167.206.251.129 167.206.251.130
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 17:10:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/10 16:55:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/10 16:55:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/10 16:55:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/10 16:55:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/10 16:55:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/10 15:57:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/10 07:00:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\bootkit_remover
[2012/02/09 20:15:06 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixTDSS.sys
[2012/02/09 20:15:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\FixTDSS
[2012/02/08 21:44:56 | 000,000,000 | ---D | C] -- C:\6010b44034f764d1a9
[2012/02/07 15:00:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\AVG
[2012/02/05 21:37:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/05 19:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/02/05 19:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/02/05 19:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/02/05 19:17:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/02/05 18:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/04 22:02:49 | 000,000,000 | ---D | C] -- C:\Documents2
[2012/02/03 13:06:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy1
[2012/02/03 01:47:48 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/01 00:15:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Microsoft Office
[2012/02/01 00:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/02/01 00:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/02/01 00:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/02/01 00:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/02/01 00:10:32 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/02/01 00:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/02/01 00:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/02/01 00:07:23 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Microsoft Help
[2012/02/01 00:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/02/01 00:07:00 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/01/31 21:40:15 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\TestApp
[2012/01/31 21:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/28 14:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/28 14:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/28 14:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/28 14:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/03/05 17:48:40 | 000,131,072 | ---- | C] ( ) -- C:\Windows\vm331Rmv.exe

========== Files - Modified Within 30 Days ==========

[2012/02/10 17:50:00 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0422D2B5-98C1-4BE9-BEFD-2BF564BDE206}.job
[2012/02/10 17:07:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/10 17:05:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/10 17:05:07 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2012/02/10 17:05:05 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 17:05:05 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 17:05:05 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/10 17:04:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 17:04:52 | 4253,655,040 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/10 16:57:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4245361820-4210316582-3963639369-1003UA.job
[2012/02/10 16:23:03 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\MBR.dat
[2012/02/10 16:13:09 | 000,001,356 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2012/02/10 15:20:02 | 517,316,934 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/10 06:58:19 | 000,044,607 | ---- | M] () -- C:\Users\Alex\Desktop\bootkit_remover.zip
[2012/02/10 06:53:13 | 000,600,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/10 06:53:12 | 000,102,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/09 21:57:04 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4245361820-4210316582-3963639369-1003Core.job
[2012/02/09 20:15:06 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixTDSS.sys
[2012/02/09 06:27:31 | 000,408,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/08 21:46:36 | 000,718,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/07 18:41:54 | 000,022,739 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/05 21:38:04 | 000,002,037 | ---- | M] () -- C:\Users\Alex\Desktop\Google Chrome.lnk
[2012/02/05 21:38:04 | 000,001,999 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/05 18:31:00 | 000,000,664 | ---- | M] () -- C:\Users\Alex\Desktop\iTunes - Shortcut.lnk
[2012/02/05 18:28:13 | 000,173,356 | ---- | M] () -- C:\Users\Alex\Documents\cc_20120205_182800.reg
[2012/02/04 20:14:51 | 000,002,651 | ---- | M] () -- C:\Users\Alex\Desktop\Microsoft Office Word 2007.lnk
[2012/02/03 12:51:22 | 000,000,912 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/03 12:51:22 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/31 15:55:38 | 000,000,629 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/29 21:21:51 | 000,227,376 | ---- | M] () -- C:\Users\Alex\Documents\TaxReturn-1.pdf
[2012/01/22 14:34:08 | 000,023,466 | ---- | M] () -- C:\Users\Alex\Documents\untitled_0.odt
[2012/01/15 16:52:02 | 000,006,786 | ---- | M] () -- C:\Users\Alex\Documents\AlexandraStrangeJournal1.350.rtf
[2012/01/15 16:51:36 | 000,007,137 | ---- | M] () -- C:\Users\Alex\Documents\AlexandraStrangeJournal1.rtf
[2012/01/15 15:49:11 | 000,027,214 | ---- | M] () -- C:\Users\Alex\Documents\Journal1.odt

========== Files Created - No Company Name ==========

[2012/02/10 16:55:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/10 16:55:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/10 16:55:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/10 16:55:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/10 16:55:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/10 15:58:33 | 4253,655,040 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/10 15:48:08 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\MBR.dat
[2012/02/10 06:58:18 | 000,044,607 | ---- | C] () -- C:\Users\Alex\Desktop\bootkit_remover.zip
[2012/02/09 20:26:52 | 517,316,934 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/05 21:38:04 | 000,002,037 | ---- | C] () -- C:\Users\Alex\Desktop\Google Chrome.lnk
[2012/02/05 21:38:04 | 000,001,999 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/05 18:31:00 | 000,000,664 | ---- | C] () -- C:\Users\Alex\Desktop\iTunes - Shortcut.lnk
[2012/02/05 18:28:03 | 000,173,356 | ---- | C] () -- C:\Users\Alex\Documents\cc_20120205_182800.reg
[2012/02/03 12:51:22 | 000,000,912 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/03 12:51:22 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/03 12:51:22 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/01 00:15:31 | 000,002,651 | ---- | C] () -- C:\Users\Alex\Desktop\Microsoft Office Word 2007.lnk
[2012/01/31 15:09:17 | 000,000,629 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/31 14:35:50 | 000,023,466 | ---- | C] () -- C:\Users\Alex\Documents\untitled_0.odt
[2012/01/29 21:21:51 | 000,227,376 | ---- | C] () -- C:\Users\Alex\Documents\TaxReturn-1.pdf
[2012/01/15 16:52:00 | 000,006,786 | ---- | C] () -- C:\Users\Alex\Documents\AlexandraStrangeJournal1.350.rtf
[2012/01/15 16:51:32 | 000,007,137 | ---- | C] () -- C:\Users\Alex\Documents\AlexandraStrangeJournal1.rtf
[2012/01/12 21:05:56 | 000,027,214 | ---- | C] () -- C:\Users\Alex\Documents\Journal1.odt
[2011/03/23 19:34:44 | 000,003,584 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 19:23:58 | 000,001,356 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011/03/07 18:28:01 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/05 17:50:15 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/03/05 17:50:15 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/03/05 17:50:15 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/03/05 17:50:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/03/05 17:50:15 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/03/05 17:48:40 | 000,001,001 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2009/04/11 11:23:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/11 11:22:30 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/04/11 11:22:29 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/04/11 11:22:25 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2008/12/18 08:13:49 | 009,338,880 | ---- | C] () -- C:\Windows\SysWow64\Facev.dll
[2008/12/18 08:13:49 | 000,491,520 | ---- | C] () -- C:\Windows\SysWow64\picn.dll
[2008/12/18 08:13:49 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\image.dll
[2008/12/18 08:13:47 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FunFrm.dll
[2008/12/18 08:13:46 | 009,502,720 | ---- | C] () -- C:\Windows\SysWow64\FaceVerify.dll
[2008/12/18 08:13:46 | 001,564,672 | ---- | C] () -- C:\Windows\SysWow64\MainOp.dll
[2008/12/18 08:13:46 | 001,163,264 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2008/12/18 08:13:46 | 000,442,368 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2008/12/18 08:13:46 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\SetDev.dll
[2008/12/18 08:13:46 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\VideoOp.dll
[2008/12/18 08:13:46 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\Momo.dll
[2008/12/18 08:13:46 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\DevFilt.dll
[2008/12/18 08:13:35 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
[2008/12/18 08:13:29 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2008/12/18 07:43:04 | 000,266,240 | ---- | C] () -- C:\Windows\SysWow64\EMSC.DLL
[2008/10/15 13:58:34 | 000,028,808 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
[2008/07/24 04:59:06 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/05/25 16:12:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Amazon
[2012/02/07 15:00:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AVG
[2012/02/09 20:15:06 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FixTDSS
[2011/03/05 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Lenovo
[2011/03/05 18:20:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ooVoo Details
[2011/03/05 18:20:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2011/03/05 18:20:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sierra Wireless
[2012/01/31 21:40:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TestApp
[2011/03/05 18:20:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2012/02/10 17:04:07 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/10 17:50:00 | 000,000,472 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0422D2B5-98C1-4BE9-BEFD-2BF564BDE206}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 11:23:29 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/03/05 17:50:22 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/02/10 17:10:11 | 000,016,213 | ---- | M] () -- C:\ComboFix.txt
[2009/01/16 01:54:42 | 000,012,251 | ---- | M] () -- C:\FaceProv.log
[2012/02/10 17:04:52 | 4253,655,040 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/09 07:18:31 | 000,018,200 | ---- | M] () -- C:\ICAutoUpdate.log.bak
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/02/10 17:04:48 | 272,289,791 | -HS- | M] () -- C:\pagefile.sys
[2012/02/10 17:10:01 | 016,687,843 | ---- | M] () -- C:\sysiclog.txt
[2011/03/23 10:04:21 | 021,102,936 | ---- | M] () -- C:\sysiclog.txt.bak
[2005/07/06 01:44:10 | 000,000,496 | ---- | M] () -- C:\sysprep
[2012/02/10 15:57:52 | 000,076,362 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_10.02.2012_15.56.12_log.txt
[2012/02/10 16:12:56 | 000,075,400 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_10.02.2012_16.01.57_log.txt
[2011/01/06 15:35:31 | 000,000,341 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012/02/10 17:05:07 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/04/11 11:26:01 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/03/05 18:56:59 | 000,000,402 | -HS- | M] () -- C:\Users\Alex\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

The link for Temp File Cleaner won't work for me. Also, I ran ESET, and the first time it found one threat. I copied the log to my desktop and closed the window (bad move on my part). After that, I got a notification saying that it had not downloaded properly. I ran another scan and no threats were found. Here are the other logs:

All processes killed
========== OTL ==========
File C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk not found.
Unable to delete ADS C:\ProgramData\TEMP:0B4227B4 .
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 42610 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13264285 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 2870 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24375 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb


[EMPTYJAVA]

User: Alex
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Alex
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02102012_193537

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 30
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````


Farbar Service Scanner Version: 10-02-2012
Ran by Alex (administrator) on 10-02-2012 at 19:56:49
Running from "C:\Users\Alex\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-20 21:49] - [2008-01-20 21:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
Attention! C:\Windows\System32\dhcpcore.dll is missing.
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-11-08 14:12] - [2011-09-20 16:06] - 1423744 ____A (Microsoft Corporation) 73BED5067ED53A9DF05FA8EAB42578D0

C:\Windows\System32\dnsrslvr.dll
[2011-04-13 12:22] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-04-11 11:23] - [2009-04-11 11:23] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-04-11 11:23] - [2009-04-11 11:23] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2009-04-11 11:23] - [2009-04-11 11:23] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-04-11 11:22] - [2009-04-11 11:22] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-04-11 11:23] - [2009-04-11 11:23] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll
[2011-03-05 18:53] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll
[2009-04-11 11:23] - [2009-04-11 11:23] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-04-11 11:22] - [2009-04-11 11:22] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2009-04-11 11:23] - [2009-04-11 11:23] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-04-11 11:23] - [2009-04-11 11:23] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

Computer seems to be doing well. It's slow moving during set up, but otherwise all is well. Here is the log from OTL:


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 72583 bytes
->Temporary Internet Files folder emptied: 35883 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 124679235 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1010 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13228 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 371680 bytes

Total Files Cleaned = 119.00 mb


[EMPTYFLASH]

User: Alex
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Alex
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02102012_233043

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...